How can i remove Backdoors correctly?

Backdoors can be in many different forms. I would mainly search for "http" , "Runstring, and "= _G". Majority (if not all) backdoors will be in serverside files. If you have lua experience you can detour fetch, post and runstring to find out if they have been used.